apache / druid

Apache Druid: a high performance real-time analytics database.
https://druid.apache.org/
Apache License 2.0

Hide more details when showDetailedJettyErrors is enabled #15051

Closed raboof closed 1 month ago

raboof commented 11 months ago

Druid currently has the property druid.server.http.showDetailedJettyErrors [1] which, when set to false, will remove the fields cause and servlet from any error response created by the Jetty layer (this property is currently set to true by default). However, this property currently does not modify, sanitize, nor hide the other fields in the Jetty error response (namely message, url, and status).

It might make sense to sanitize all other fields (message, url, and status) so that user provided content does not get added. While this content is properly escaped, meaning there is no risk of XSS-style problems, in paranoid cases they could in theory still lead to information disclosure or other confusion.
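To make the distinction in the report concrete, the following is an added illustration (not Druid's or Jetty's code) that models the two behaviours the issue contrasts: what showDetailedJettyErrors=false strips today (cause and servlet only) versus a fully sanitised response that keeps just the status and a canonical reason phrase. The sample error body is constructed here; its field names are the ones the issue lists, and the servlet and cause values are placeholders. A small defender-side check then reports which fields of a given body still echo request-controlled input, which is the disclosure the report is concerned about.

```python
import json
from http import HTTPStatus

# Constructed sample (not captured from a real Druid node): the field names match the
# Jetty error-response fields named in the issue; every value is invented for illustration.
REQUEST_PATH = "/druid/v2/sql/does-not-exist-abc123"
SAMPLE_JETTY_ERROR = {
    "url": REQUEST_PATH,
    "status": "404",
    "message": "Not Found: " + REQUEST_PATH,
    "servlet": "ExampleServlet-1a2b3c",                     # placeholder, not a real Druid servlet
    "cause": "java.lang.RuntimeException: example cause",  # placeholder
}

# Fields the issue says are removed today when showDetailedJettyErrors=false.
HIDDEN_WHEN_NOT_DETAILED = frozenset({"cause", "servlet"})


def current_behaviour(body: dict, show_detailed: bool) -> dict:
    """Model of the behaviour described in the issue: the flag only strips cause/servlet,
    while url/message/status pass through unchanged."""
    if show_detailed:
        return dict(body)
    return {k: v for k, v in body.items() if k not in HIDDEN_WHEN_NOT_DETAILED}


def proposed_behaviour(body: dict) -> dict:
    """Model of the sanitisation the issue suggests: keep the status code, replace the
    message with the canonical reason phrase, and drop url, servlet and cause entirely,
    so no request-derived text reaches the client. Unparseable status falls back to 500."""
    try:
        status = int(body.get("status", ""))
        phrase = HTTPStatus(status).phrase
    except ValueError:
        status, phrase = 500, HTTPStatus.INTERNAL_SERVER_ERROR.phrase
    return {"status": str(status), "message": phrase}


def reflected_fields(body: dict, request_path: str) -> list:
    """Defender-side check: names of the fields whose value echoes request-controlled input."""
    return sorted(k for k, v in body.items() if isinstance(v, str) and request_path in v)


def render(body: dict) -> str:
    """Serialize as Jetty-style JSON so the difference is visible when run directly."""
    return json.dumps(body, sort_keys=True)


if __name__ == "__main__":
    for label, b in (
        ("showDetailedJettyErrors=true ", current_behaviour(SAMPLE_JETTY_ERROR, True)),
        ("showDetailedJettyErrors=false", current_behaviour(SAMPLE_JETTY_ERROR, False)),
        ("proposed sanitised response  ", proposed_behaviour(SAMPLE_JETTY_ERROR)),
    ):
        print(label, render(b), "| reflects request:", reflected_fields(b, REQUEST_PATH))
```

Running the block shows that with the flag set to false the url and message fields still carry the request path, whereas the sanitised form reflects nothing; the reason phrase comes from the status code alone, so it cannot carry request content.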

github-actions[bot] commented 2 months ago

This issue has been marked as stale due to 280 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@druid.apache.org list. Thank you for your contributions.

github-actions[bot] commented 1 month ago

This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.